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DETAILED ACTION 
Rejections 

1 . The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

Claim Rejections - 35 USC § 103 

2. Claims 1 . 3-6. 24. 25. and 27 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Urata (U.S. Patent No. 6,799,272) in view of Kawan (U.S. Patent No. 
6,289,324). 

Regarding claims 1 and 27 . Urata teaches a method/computer readable medium 
for preventing counterfeiting and cloning of smart cards, comprising: 

• Providing a smart card with a cryptographic structure for authorizing the smart 
card which cannot be accessed completely by a predetermined small number of 
readings (col. 2, lines 32-52). 

Urata does not teach wherein said cryptographic structure can be built only by 
whoever emits the card or an agent thereof. 

Kawan teaches wherein said cryptographic structure can be built only by 
whoever emits the card or an agent thereof (col. 9, lines 36-43). 
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It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine wherein said cryptographic structure can be built only 
by whoever emits the card or an agent thereof, as taught by Kawan . with the method of 
Urate. It would have been obvious for such modifications because keeping the 
cryptographic structure secret to only those who emit the card prevents someone from 
counterfeiting a smart card (see col. 9, lines 36-40 of Kawan). 

Regarding claim 24 . Urata teaches a method of preventing counterfeiting of a 
smart card, comprising: 

• Providing a smart card such that none of confidential information and a 
cryptographic key for authorizing the smart card, is carried on the smart card (col. 
2, lines 32-52); 

• Reading said card by a reader such that in each reading, said reader reads only 
a predetermined small amount of information which makes the card unique (col. 
2, lines 32-52). 

Urata does not specifically teach a reader for the smart card, but an 
authentication center that receives the data over a communication system. 

Kawan teaches a reader for the smart card (fig. 2, ref. num 210). 
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It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine a smart card reader, as taught by Kawan . with the 
method of Urata . It would have been obvious for such modifications because a smart 
card reader provides the interfacing means for accessing the information on the smart 
card. 

Regarding claims 3 and 25 . the combination of Urata as modified by Kawan 
teaches wherein an entire process of said method is performable off-line (see col. 5, 
lines 47-59 of Kawan). 

Regarding claim 4 , the combination of Urata as modified by Kawan teaches 

wherein said smart card carries thereon predetermined N channels as C1, C2 CN, 

where N is an integer, wherein each channel Ci, with i equal to 1 , 2 N, carries a pair 

of numbers (hi, li), and wherein hi is the i th high number and li is the I th low number (see 
col. 2, lines 32-52 and fig. 1, ref. num 106, 128, and 142 of Urata). 

Regarding claim 5 , the combination of Urata as modified by Kawan teaches 
further comprising using public key cryptography with associated encoding and 
decoding functions Vi and Vi" 1 in each channel i, wherein each function Vi" 1 is known 
publicly, and Vi is known only to a predetermined party representing an owner of the 
smart card (see page 6, lines 1-5 of applicants disclosure, applicant submits this 
information is well known as taught by Menezes et al.). 
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Regarding claim 6 . the combination of Urata as modified by Kawan teaches 
wherein for each i in 1 , 2, ... , N, the pair (hi, li) is such that hi = Vi(li), or hi = Vi(K(li)), 
where K represents a publicly-known cryptographic hash function, and wherein each li 
contains a plurality of symbols for redundancy (see page 6, lines 6-8 of applicants 
disclosure, applicant submits this information is well known as taught by Menezes et al.). 

Regarding claim 7 . the combination of Urata as modified by Kawan teaches 
further comprising processing, using an invertible function f which is made public, such 
that the low numbers in said smart card satisfy l(i+j) = ^(li), where f* represents the j* 1 
iteration of the function f (see col. 5, line 48 through col. 6, line 25 of Urata). 

Regarding claim 9 . the combination of Urata as modified by Kawan teaches 
wherein a reader obtains a content of only two of said channels (see col. 2, lines 37-47 
of Urata). 

Regarding claim 13 . the combination of Urata as modified by Kawan teaches 
wherein said cryptographic structure is changed periodically (see col. 6, lines 33-42 of 
Urata). 

Claims 8 and 15-18. and 20-22 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Urata (USPN '272) in view of Kawan (USPN '324), and further in 
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view of Schneier, "Applied Cryptography: Protocols, Algorithms, and Source Code in C." 
Second Edition, pps. 466-474 (hereinafter Schneier). 

Regarding claim 8 . the combination of Urata as modified by Kawan teaches all 
the limitations of claims 1,4,5, and 6, above. However, the combination of Urata as 
modified by Kawan does not teach wherein a reader includes a random number 
generator, which, when a card is read, chooses a pair (a, b) of distinct numbers with a < 
b between 1 and N, wherein before processing the smart card, the reader obtains the 
pair (ha, la) and hb, and using the public keys Va- 1 and Vb- 1 , checking by the reader 
whether the pairs (ha, la) and (hb, lb) are compatible, and, consequently, that the 
numbers ha, la, and hb belong to a same legitimate card. 

Schneier teaches: 

• Wherein a reader includes a random number generator, which, when a card is 
read, chooses a pair (a, b) of distinct numbers with a < b between 1 and N, 
wherein before processing the smart card, the reader obtains the pair (ha, la) and 
hb (a step of an RSA algorithm, choose two prime numbers, page 467); 

• Using the public keys Va- 1 and Vb- 1 , checking by the reader whether the pairs 
(ha, la) and (hb, lb) are compatible, and, consequently, that the numbers ha, la, 
and hb belong to a same legitimate card (a step of an RSA algorithm, page 467). 
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It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine generating a random number in the reader, choose a 
pair of distinct numbers, and using the public keys to check the compatibility of the 
smart card, as taught by Schneier . with the method of Urata/Kawan . It would have been 
obvious for such modifications because these limitations verify a proper smart card 
based on the key checking, known as a digital signature. 

Regarding claim 15 . the combination of Urata as modified by Kawan/Schneier 
teaches wherein said pairs (hi, li) to be contained on the smart card are generated by: 

• Choosing a prefix of 11 once for all transactions, or changed whenever needed, 
wherein said prefix is publicly known (a step of an RSA algorithm, see page 467 
of Schneier); and 

• Providing a sequence, such that the sequence is generated so that a same 
number is not chosen twice, and so that corresponding other li's are not chosen 
as new 11 s (a step of an RSA algorithm, see page 467 of Schneier). 

Regarding claim 16 , the combination of Urata as modified by Kawan/Schneier 
teaches further comprising: 

• Concatenating the prefix and the sequence to form 11 (a step of an RSA 
algorithm, forming the product of two primes, see page 467 of Schneier); and 
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• Choosing a function f which is invertible and is publicly known, to construct 12 = 
f(M ), 13 f(l2), and so forth (a step of an RSA algorithm, use Euclidean algorithm 
on two primes, see page 467 of Schneier). 

Regarding claim 17 , the combination of Urata as modified by Kawan/Schneier 
teaches wherein the function f is chosen to be the identity map, in which case 11 = 12 = 
13 = ... =IN (a step of an RSA algorithm, where the message is encrypted in blocks, 
where the same encryption method is used for each block, see page 467 of Schneier). 

Regarding claim 18 . the combination of Urata as modified by Kawan/Schneier 
teaches choosing, for a number N, N public key-private key pairs, such that a first 
private key V1 is for computing hi = V1 (11), a second private key V2 is for computing 
h2 = V2(I2), and so on (a step of an RSA algorithm, where the message is encrypted in 
blocks, see page 467 of Schneier). 

Regarding claim 20 . the combination of Urata as modified by Kawan teaches all 
the limitations of claim 1 , above. However, the combination of Urata as modified by 
Kawan does not teach wherein, when the smart card is read by a reader, a random 
generator is prompted which provides two integer numbers, a and b, which are not 
between 1 and N, with a < b. 
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Schneier teaches wherein, when the smart card is read by a reader, a random 
generator is prompted which provides two integer numbers, a and b, which are not 
between 1 and N, with a < b (a step of an RSA algorithm, see page 467). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine generating a random number when the smart card is 
read, the random numbers are a and b f with a < b, as taught by Schneier , with the 
method of Urata/Kawan . It would have been obvious for such modifications because 
these limitations select a public key of the reader for use in a public key algorithm. The 
public key can then be used to encrypt data so that only the intended recipient can 
decrypt the data. 

Regarding claim 21 , the combination of Urata as modified bv Kawan/Schneier 
teaches wherein said numbers a, b are transmitted to the smart card which delivers two 
high numbers ha, hb, and a low number la in a channel a, and wherein the pair (a, b), 
together with a function f in a memory in the reader, are used to compute the low 
number lb=f (b " a) (la), said memory in said reader delivering public keys Va" 1 and Vb" 1 (a 
step of an RSA algorithm, see page 467 of Schneier). 

Regarding claim 22 , the combination of Urata as modified bv Kawan/Schneier 
teaches wherein the public keys are used by a comparator together with the pairs (ha, 
la) and (hb, lb), to verify that the pairs are compatible with the corresponding keys, and 
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that the pairs are from a same legitimate card (a step of an RSA algorithm, see page 
467 of Schneier). 

Claims 2. 10-12. 14. 23. and 26 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Urata (USPN '272) in view of Kawan (USPN '324), and further in 
view of Perlman et al. (U.S. Patent No. 5,261,002). 

Regarding claim 2 . the combination of Urata as modified by Kawan teaches 
providing a reader for reading said smart card (see fig. 2, ref. num 210 of Kawan). 
However, the combination of Urata as modified by Kawan does not teach including a 
database holding information related to unauthorized smart cards, said reader being 
on-line, such that said reader is operatively connected to a network, only when said 
database of said reader is being updated by said network. 

Perlman et al. teaches including a database holding information related to 
unauthorized smart cards, said reader being on-line, such that said reader is operatively 
connected to a network, only when said database of said reader is being updated by 
said network (col. 3, lines 38-40, col. 6, lines 37-39, and fig. 1, ref. num 24-30). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine a reader including a database of unauthorized smart 
cards, said reader being online and connected to a network only when said reader is 


Application/Control Number: 09/685,026 Page 1 1 

Art Unit: 2136 

being updated, as taught by Perlman et aL with the system of Urata/Kawan . It would 
have been obvious for such modifications because the off-line version of the blacklist 
provides a listing of all users who are intruders; the periodic updating allows a newer list 
of intruders to be known. 

Regarding claim 10 . the combination of Urata as modified by Kawan teaches all 
the limitations of claim 1 , above. However, the combination of Urata as modified by 
Kawan does not teach further comprising periodically communicating, by a reader of 
said smart card, with a database where a predetermined characteristic of the card is 
checked. 

Perlman et al. teaches further comprising periodically communicating, by a 
reader of said smart card, with a database where a predetermined characteristic of the 
card is checked (col. 3, lines 38-40 and fig. 1, ref. num 16-18). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine periodically communicating with a database where a 
predetermined characteristic of the card is checked, as taught bv Perlman et al. , with 
the method of Urata/Kawan . It would have been obvious for such modifications 
because the off-line version of the blacklist provides a listing of all users who are 
intruders; the periodic updating allows a newer list of intruder to be known. 


i 
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Regarding claim 11 . the combination of Urata as modified by Kawan/Perlman et 
aL teaches wherein the predetermined characteristic comprises whether a smart card 
has delivered more than a predetermined amount of money to a user of the smart card 
(see col. 7, lines 21-23 of Perlman et al.). 

Regarding claim 12 . the combination of Urata as modified by Kawan/Perlman et 
aj. teaches wherein if a card is detected as delivering too much money, the database 
communicates a corresponding number 11 to all readers in a network, so that smart 
cards carrying said corresponding number are declined (see col. 7, lines 14-26 of 
Perlman et al.). 

Regarding claim 14 . the combination of Urata as modified by Kawan teaches all 
the limitations of claim 1 , above. However, the combination of Urata as modified by 
Kawan does not teach wherein said smartcard is invalidated after a predetermined time 
of usage. 

Perlman et al. teaches wherein said smartcard is invalidated after a 
predetermined time of usage (fig. 2, ref. num 42). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine invalidating the smartcard after a predetermined time 
of usage, as taught by Perlman et al. . with the method of Urata/Kawan . It would have 
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been obvious for such modifications because the time limit threshold provides more 
security by allowing only a certain time of use. This prevents someone from stealing the 
card and using it for any length of time. 

Regarding claim 23 . the combination of Urata as modified by Kawan teaches all 
the limitations of claim 1 , above. However, the combination of Urata as modified by 
Kawan does not teach further comprising performing a final validation of the smart card 
by at least one of contacting a central database if an entire transaction is made on-line 
with no penalty; and checking with a local database in a reader, said local database 
being refreshed periodically by contact between said local database and said central 
database. 

Perlman etal. teaches further comprising performing a final validation of the 
smart card by at least one of: 

• Contacting a central database if an entire transaction is made on-line with no 
penalty (col. 6, lines 37-39); and 

Checking with a local database in a reader, said local database being refreshed 
periodically by contact between said local database and said central database 
(col. 3, lines 38-40 and fig. 1 , ref. num 24-30). 


It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine the reader including a database for linking to a network 
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for periodic updates, as taught by Perlman et aL with the method of Urata/Kawan . It 
would have been obvious for such modifications because the off-line version of the 
blacklist provides a listing of all users who are intruders; the periodic updating allows a 
newer list of intruder to be known. 

Regarding claim 26 , Urata teaches a system for preventing cloning of a smart 
card, comprising: 

• A smart card such that a cryptographic structure for authorizing the smart card is 
not carried on the smart card (col. 2, lines 32-52). 

Urata does not teach a reader for reading the smart card and including a 
database for linking to a network and being updated periodically with a list of 
unauthorized smart cards, wherein said cryptographic structure is kept secret by 
whoever emits the card or an agent thereof, 

Kawan teaches wherein said cryptographic structure is kept secret by whoever 
emits the card or an agent thereof (col. 9, lines 36-43). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine wherein said cryptographic structure can be built only 
by whoever emits the card or an agent thereof, as taught by Kawan . with the system of 
Urata . It would have been obvious for such modifications because keeping the 
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cryptographic structure secret to only those who emit the card prevents someone from 
counterfeiting a smart card (see col. 9, lines 36-40 of Kawan). 

The combination of Urata as modified by Kawan still does not teach a reader for 
reading the smart card and including a database for linking to a network and being 
updated periodically with a list of unauthorized smart cards. 

Perlman et al. teaches a reader for reading the smart card and including a 
database for linking to a network and being updated periodically with a list of 
unauthorized smart cards (col. 3, lines 38-40, col. 6, lines 37-39, and fig. 1, ref. num 24- 
30). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine a reader for reading the smart card and including a 
database for linking to a network and being updated periodically with a list of 
unauthorized smart cards, as taught by Perlman et al. . with the system of Urata/Kawan . 
It would have been obvious for such modifications because the off-line version of the 
blacklist provides a listing of all users who are intruders; the periodic updating allows a 
newer list of intruders to be known. 
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Claim 19 is rejected under 35 U.S.C. 103(a) as being unpatentable over Urata 
(USPN '272) in view of Kawan (USPN '324), and Schneier . and further in view of 
Perlman et a\. (USPN '002). 

Regarding claim 19 . the combination of Urata as modified by Kawan/Schneier 
teaches further comprising: verifying whether the smart card is authentic (digital 
signature of an RSA algorithm, see page 473 of Schneier). 

The combination of Urata as modified by Kawan/Schneier does not teach 
checking whether the smart card is not in a list of cards to be refused. 

Perlman et al. teaches checking whether the smart card is not in a list of cards to 
be refused (col. 6, lines 37-39). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine checking the list of smart cards to be refused, as 
taught by Perlman etal. . with the method of Urata/Kawan/Schneier . It would have been 
obvious for such modifications because the limitations provide a listing of all users who 
are intruders. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon Hoffman whose telephone number is 571-272- 
3863. The examiner can normally be reached on M-F 8:30 - 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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